Date: Thu, 8 Dec 2005 15:47:00 +0100 From: "Marcus Franke" <MFranke@evendi.de> To: <freebsd-pf@freebsd.org> Subject: AW: Firewall concepts Message-ID: <AE41C3C123D61B45B457F3037275842F1E08B0@DC-EX-001.evendi.local>
next in thread | raw e-mail | index | archive | help
>=20 > Hello Marcus > A firewall on every pc will soon become a nightmare to manage as the > network grows. You could in theory put the pf rules on a read-only > remote filesystem..and have every client access to it, but thats if > you have time for such tricks... >=20 > The internet gateway is the place to put your firewall - the one that > has the direct connection to the internet. And make sure no one can > unplug it from the network, or shut down the pf even temporarily. >=20 I would admit to this, but I am the only person usign these boxes. One is my machine in the office the other one is at home. Concerning the manageability I would say, yes, you are right. One should invent a solution like the manageability of WinXP SP2 with the help of the ActiveDirectory in a windows server domain. One ruleset for all boxes. But, often you read that attacks against servers will be done from the inside network.=20 Marcus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AE41C3C123D61B45B457F3037275842F1E08B0>